Vulnerability Details CVE-2024-40890
**UNSUPPORTED WHEN ASSIGNED**
A post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device by sending a crafted HTTP POST request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.192
EPSS Ranking 95.0%
CVSS Severity
CVSS v3 Score 8.8
Proposed Action
Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the CGI program that could allow an authenticated attacker to execute OS commands via a crafted HTTP request.
Ransomware Campaign
Unknown
Products affected by CVE-2024-40890
- cpe:2.3:h:zyxel:sbg3300-n000:-
- cpe:2.3:h:zyxel:sbg3300-nb00:-
- cpe:2.3:h:zyxel:sbg3500-nb00:-
- cpe:2.3:h:zyxel:vmg1312-b10a:-
- cpe:2.3:h:zyxel:vmg1312-b10b:-
- cpe:2.3:h:zyxel:vmg1312-b10e:-
- cpe:2.3:h:zyxel:vmg3312-b10a:-
- cpe:2.3:h:zyxel:vmg3313-b10a:-
- cpe:2.3:h:zyxel:vmg3926-b10b:-
- cpe:2.3:h:zyxel:vmg4325-b10a:-
- cpe:2.3:h:zyxel:vmg4380-b10a:-
- cpe:2.3:h:zyxel:vmg8324-b10a:-
- cpe:2.3:h:zyxel:vmg8924-b10a:-
- cpe:2.3:o:zyxel:sbg3300-n000_firmware:-
- cpe:2.3:o:zyxel:sbg3300-nb00_firmware:-
- cpe:2.3:o:zyxel:sbg3500-n000_firmware:-
- cpe:2.3:o:zyxel:sbg3500-nb00_firmware:-
- cpe:2.3:o:zyxel:vmg1312-b10a_firmware:-
- cpe:2.3:o:zyxel:vmg1312-b10b_firmware:-
- cpe:2.3:o:zyxel:vmg1312-b10e_firmware:-
- cpe:2.3:o:zyxel:vmg3312-b10a_firmware:-
- cpe:2.3:o:zyxel:vmg3313-b10a_firmware:-
- cpe:2.3:o:zyxel:vmg3926-b10b_firmware:-
- cpe:2.3:o:zyxel:vmg4325-b10a_firmware:-
- cpe:2.3:o:zyxel:vmg4380-b10a_firmware:-
- cpe:2.3:o:zyxel:vmg8324-b10a_firmware:-
- cpe:2.3:o:zyxel:vmg8924-b10a_firmware:-